Set up and access your Cloud PCs from anywhere with a full Windows experience on any device using Windows 365.
Set up and access your Cloud PCs from anywhere with a full Windows experience on any device using Windows 365. Whether you’re working from a browser, the Windows app, or Windows 365 Link, your desktop, apps, and settings are always available — just like a traditional PC. As an admin, you can quickly provision and manage Cloud PCs for multiple users with Microsoft Intune.
Scott Manchester, Windows Cloud Vice President, shows how easy it is to set up secure, scalable environments, ensure business continuity with built-in restore, and optimize performance with AI-powered insights.
Work securely from anywhere.
Windows 365 acts like your personal PC in the cloud — scale CPU, RAM, and storage as needed. See it here.
Deploy Cloud PCs in minutes.
Provision Cloud PCs in just a few clicks with Microsoft Intune. Steps to set up Windows 365.
Built-in backup and restore capabilities.
See how you can restore a Cloud PC from a previous restore point. Check it out.
Watch our video here.
QUICK LINKS:
00:00 — Windows 365 Cloud PC
00:51 — Benefits to Cloud PCs
02:32 — How to set it up
04:58 — Provisioning process
06:16 — Options to connect to Cloud PC
07:40 — Restore Cloud PC
08:52 — Backups for PC forensics
09:44 — Failover options
11:36 — Change Cloud PC specs
12:51 — Connect from personal devices
14:28 — Wrap up
Link References
Check out https://aka.ms/W365Docs
Unfamiliar with Microsoft Mechanics?
As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
- Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
- Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
- Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast
Keep getting this insider knowledge, join us on social:
- Follow us on Twitter: https://twitter.com/MSFTMechanics
- Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
- Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
- Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Video Transcript:
- Today on Microsoft Mechanics, we’re going to go deep on setting up Windows 365, Microsoft’s solution for Cloud PCs for your organization, and if you’re new to the concept, these are full Windows desktops that you can access directly from the cloud from almost any device, from your browser, the Windows app or even the new Windows 365 Link device. It’s the familiar Windows experience that you’re used to, but it’s accessible from anywhere. In fact, in the next few minutes, we’ll show you how to set up a complete running Windows 365 environment for multiple users. Then show the resulting experiences of what we set up on both managed and unmanaged devices and finally, how to manage your Cloud PCs once they’re up and running. And joining me today is Scott Manchester who leads the Windows 365 team who built the product, and he’s no stranger to Mechanics as well. Welcome to the show.
- Thanks, Jeremy. It’s great to be back.
- So why don’t we dive in? So for people used to physical PCs and really new to the Cloud PC concept, what are the reasons that somebody might use Windows in the cloud?
- Yeah, that’s a question we get a lot, Jeremy. First, it’s just how seamless the end user experience is. Now, even though this experience is being streamed from the Cloud, Windows 365 just feels like using a physical PC. With all of your apps and settings, everything just works as you’d expect it to. And with all of the available sizing options, there’s something for any use case, from graphics-intensive GPUs, all the way to shared frontline worker scenarios. Now, that said, unlike a physical PC, the specs of your Cloud PC, like your storage, compute, and RAM, can be changed over time as your needs evolve. And from a security perspective, you have control over network access based on the connecting device where you can tailor permissions and protections for your data and resources, depending on whether that device is managed or unmanaged. And they’re also more resilient. Backup and restore services are provided by default. A non-functioning Cloud PC can be restored back to a healthy state in just minutes.
- And this is great because even recently, we’ve seen, and some of us have even felt situations where third-party updates can take down thousands of PCs, so with Windows 365, there’s a fast path to recovery.
- Yeah, it really provides next-level resiliency. And there’s another important reason for considering a Cloud PC. If you’re currently on Windows 10, with support ending in October of this year, 2025, Windows 365 is a nice option to migrate to Windows 11 as part of your PC refresh, and Extended Security Updates for the Cloud PCs, and Windows devices connecting to them are included.
- And this’ll be a great option for a lot of people, a lot of different devices, and it’s also pretty easy to set up.
- Yeah, it really is, even if you have zero experience with desktop virtualization. In fact, let me show you how. From the Microsoft Intune admin center, you can get one or hundreds of Cloud PCs up and running in just a few minutes. Now, the first step is to create a Provisioning Policy, so I’ll head over to that tab. And you can see that I already have a few set up, but let’s go ahead and create a new one. Now, there are six simple steps to setup a new policy. First, let’s give this policy a name. In this case, let’s use East US Engineers. Now, for these users, we will provision Windows 365 Enterprise Cloud PCs. And this group of users also are using Microsoft Entra join, but if you’re also using Active Directory, you have an option to choose hybrid join. Now, if you do use hybrid join, you’ll need to set up an Azure Network Connection and have access to a domain controller. But it’s easier with Entra join where you can use the Microsoft Hosted Network option. Now, this is similar to putting these Cloud PCs on the public internet behind a NAT, and optionally securing that network traffic with a VPN, like you might use now with your managed physical devices. Now, next, because our users are in North Carolina, for this geography, I’m going to choose US East. For the region, I’ll let Microsoft choose within that geography. You’ll see there are two options here in US East. Choosing this option allows seamless migration to closer or higher-performing Azure datacenters as they become available. And the last option is to support Single Sign-On, which allows users to authenticate just once for their Cloud PC and other Entra-enabled services, like Microsoft 365. Now, next, I can choose one of the curated images available here or even upload my own custom image. Now, I’m going to keep the latest Windows 11 image with the Microsoft 365 apps pre-installed. Now, it’s also optimized to run in the cloud for experiences like Teams video calls. When I move on to the Configuration tab, I can choose from dozens of alternate languages to have pre-installed. Now, below that, I even have the option to enroll these Cloud PCs into Autopatch To save time, I’ll skip Scope Tags for now, but I can add those later. Now in the Assignment tab, I’ll just need to assign what group of users will get Cloud PCs provisioned using this Provisioning Policy. Now, I’ve created a group for East US Engineers in advance, so I’ll add this group to the policy. And now I can review all of my settings and select Create.
- So is that going to start the provisioning process then for everyone that you scoped in that group?
- Almost. We have one more step. I still need to configure the Cloud PCs’ sizes and specs, like CPUs, RAM, and storage, by assigning licenses with those specs to the group. Let me walk through that process. In the Microsoft 365 admin center, in advance, I’ve pre-purchased a few different licenses. Now, we’ll give our engineers fairly high-spec Cloud PCs. Now, of course, you can change these at any time. In the Groups tab, I just need to assign my East US Engineers, so I’ll filter the list. There’s my group. I’ll go ahead and select it, and now just confirm. And this will start the VM creation process. In about 20 minutes, all users in this group will have a personal Cloud PC up and running.
- So while the provisioning process runs, why don’t you explain what’s happening behind the scenes?
- Sure, there’s a lot more going on under the covers here. Each Windows 365 supported region has multiple Azure zones. When the Cloud PCs are provisioned, they are split between the Azure zones in that region. And within the zone itself, three copies are made of the Cloud PC’s disc for additional resiliency. And then after the Cloud PC is provisioned, the service immediately starts taking backups of the Cloud PC. And these backups can be restored by the Windows 365 admins, and optionally, if you allow it, even directly by the users themselves.
- Okay, so now let’s fast forward a few minutes. With the Cloud PCs provisioned, what does that experience look like?
- So yeah, sure. So now we’re ready to go. And as a user, I have a few options to connect to my Cloud PC. I’m going to use a locally installed Windows app on my managed surface Laptop here. Now, this is my new Cloud PC that was just provisioned, and I’ll go head and connect to it. And because we configured single sign-on, I don’t need to enter my credentials a second time. And you’ll see this is a full desktop experience, and if I open the Start menu, there are all of my provisioned apps in Microsoft 365. Now, because I’m in the cloud, let me open the Edge browser to show you the network connection speed from the Cloud PC. I’ll go ahead and run this, and in this case, you can see I’m seeing 2.4 gigabits down. Now, my home network is only 50 megabits but that’s okay because I’m just remoting the screen content, whereas my Cloud PC can collaborate with people all over the world, and share large files, which is a much faster network. And if I open File Explorer, my policy allows me to see the local drive on a corporate managed device, like my Surface laptop here. In fact, as an admin, you have full control over connected peripherals, like clipboard redirection, even more based on your needs. And as I’ll show you in a bit, this can vary by device type, and whether other devices are enrolled in management.
- And it’s really a huge advantage here in terms of being able to leverage superior network performance that you get from the cloud effectively. Now, we’ve talked a lot about resiliency, how easy is it then to restore Cloud PCs if you need to do that?
- Well, let me show you. With backup and restore capabilities built into Windows 365, I can show you how you can restore a Cloud PC from a previous restore point. So I’m in the All Cloud PCs view, and I’ve filtered the list to show my devices. The top one here is my GPU Max Cloud PC, and I’ll take a look at its properties. I can take a quick action to restore here from the overview page, but let’s go the Restore Points menu. Now, here you can see there are 14 restore points. And for 10 of these, I can configure the restore point objective from 4 to 24 hours. Now, mine in this case are set up to create a backup every six hours. Now, the bottom four are hard set as rolling weekly backups of one per week for the last four weeks. From here I can create another new restore point. I just need to configure the basics of my Azure subscription, here the storage account I want to use for backups, and the access tier. Now, I’ll keep the recommended Hot tier here. And once I create this, it takes a few moments to create the additional manual restore point while the Cloud PC is still running. And since this manual restore point is in my defined own storage account, I can keep that as long as I want to restore from it.
- Okay, so aside from cases like maybe reactive ransomware or other issues, where else might you use this?
- Well, this also can be used when I want to run PC forensics. For example, you might place a Cloud PC under review as part of an ongoing investigation. So let me show you this. So I’m back here in the Cloud PC overview page. And here in the ellipse menu, you can see an option to place this Cloud PC under review. Now, I can use the same subscription and storage account details as the backup I just showed you to archive the full image of the Cloud PC. Under that, I have two Access modes to select from: Block access, which will notify the user that their Cloud PC is under review, and block their access until complete, or I can allow access, which will capture the image at this moment in time and allow the user to continue to use their Cloud PC. And once I place the Cloud PC under review, I can use the stored backup image to mount it and then run those forensics.
- And these are all important enterprise-ready capabilities in terms of using backups. Now, failover, it’s also pretty important for high availability and disaster recovery planning. So what options do we have there?
- Right, this is super important for business continuity. Let me show you a couple options. So this time I’m going to start in the Reports view in the Intune admin center, and I’ll move over to the Cloud PC overview page. Now I’ll head over to the Business Continuity and Disaster Recovery status report. If you look at the license type column, you’ll see that there’s a new optional paid add-on that extends backups to an additional alternate region and all of these Cloud PCs are licensed for cross-region. So it’s another layer of resilience in the case of a natural disaster or other event that could impact a region. It also allows these Cloud PCs to be recovered from a backup in that alternate region. Now, back in the Windows 365 page, I’m in the User Settings tab now. And here you can see I’ve have created two policies. I’ll open the second policy with cross-region disaster recovery enabled. Now, if I open the policy settings, you’ll see this is where you can enable admin privileges, allow users to restore their Cloud PCs, and also, how often those restore points are made. You can also enable cross-region disaster recovery from here as well. Now, if I click on edit, you can see even more details for the cross-region backups. This dropdown for additional DR options also has a new option for Disaster Recovery Plus, which enables faster recovery time, lower risk of data loss, and pre-allocated capacity compared to the standard disaster recovery if you experience an outage. Now, for geography, the Cloud PCs in scope for this policy are provisioned in US East, so I set my cross-region DR geography to Central US. Now, if there was any type of geographical outage in the East Coast, my users can recover from a backup in a nearby region in the Central or South Central US.
- Right, and all of these different resiliency options make Windows 365 ideal for mission-critical desktops with really minimal downtime. Now, earlier, you also mentioned we could change Cloud PC specs from what was originally provisioned. So how would I make these types of decisions?
- Yeah, it’s pretty easy. So this is where reports help guide you in these decisions. Now, remember, you don’t need to future-proof and over-spec your Cloud PCs like you do with physical hardware. If anything, you want to start with a size smaller, and then as needed, you can scale them up from there. Let me show you where you find that information. Now, back in our Cloud PC overview reports, you’ll see that we have reporting for Cloud PC recommendations. These actually leverage AI to analyze compute utilization and how well the Cloud PC is performing for each individual user so that you can make data-driven decisions about Cloud PC sizing. For example, in my small tenant, I have nine rightsized Cloud PCs, two that look undersized and one that’s underutilized, and you can dig into the details for each of these. Now, this way you’re matching the right spec for how a Cloud PC and how it’s being used versus just guessing or waiting for people to contact you and tell you that they’re having performance issues.
- So this process is really painless then for both admins, as well as end users. The nice thing here is that you just need to log out and back in, and all those spec changes are automatically applied. Now, you also mentioned that you can also connect from an unmanaged device, so how does that work?
- Well, so far, I’ve been using this corporate managed Surface laptop here, but I also have my own iPad that I can connect to Windows 365 as well. Now, even without enrolling this device in Intune, we can control the experience to keep the work data protected. Let me show you the policies we set up for this. I have the Conditional Access policies page open in Intune. Now, this first policy uses Mobile Application Management to ensure that I can control how the Windows 365 app is used, even on unmanaged devices, like my iPad. Now, the second one requires mobile devices to use passkey authentication. And the third one here triggers multifactor authentication when users are outside of their home region. And I can show you the effects of these policies on my iPad here, so you can see just how this compares to what I showed you earlier on a managed device. Now, on my own iPad, there’s the Cloud PC that we just provisioned, and that I connected to on my managed machine. Now, I’ll go ahead and connect to it. And you’ll see that I need to use multi-factor authentication to securely connect with a passkey, so it’s already different from what we saw before with the single sign-on experience on my corporate managed PC. Now, once I’m in, you’ll see the session is exactly how I left it with the browser and File Explorer open. Notice how the local iPad file system is not visible here, and, of course, the previous Windows host file system disappears because I’m no longer connected to that device. So this file system integration is only permitted for trusted and managed devices.
- Right, and this way you’re able to control the access level based on the connected device. And it’s been a great deep-dive to see how everything works, along with how easy everything is to set up. So for anyone who’s watching right now, looking to get started, what do you recommend?
- It’s easy. For admins, check out aka.ms/W365Docs. It’s the best place to go to to get all of the options around Windows 365 and to get up and running fast.
- Good stuff. Thanks for joining us today, Scott. And thank you for joining us as well. And be sure to subscribe if you haven’t already. And we’ll see you again soon.
Published Apr 04, 2025
Version 1.0Zachary-Cavanell
Bronze Contributor
Joined July 14, 2016
Microsoft Mechanics Blog
Follow this blog board to get notified when there's new activity